More on data formats

Dirkjan Ochtman dirkjan at
Wed Nov 20 01:44:09 PST 2013

On Wed, Nov 20, 2013 at 10:41 AM, Lloyd Hilaiel <lloyd at> wrote:
> 1. That an assertion lacks `iat` makes robust date range checking difficult.
> Specifically, it's hard to verify that you don't have an assertion with a
> future issue time.  shall we add `iat` to assertion format?

That sounds sensible to me.

> [1] -
> section 4.2 and 4.3 are pretty wild west about private extension naming.
> but the suggestion seems to be to add properties as you extend.

You have the wrong URL here, I think you mean

Also, Lloyed noted that that spec (JWT) currently states that 'the
"sub" value is a case-sensitive string containing a StringOrURI
value', i.e., our JSON object usage is forbidden per current spec.



More information about the Dev-fxacct mailing list